fix: validate integer/long enum values during deserialization

Use FromStringOrDefault for all numeric enum types (int, long, float,
double, decimal), not just float/double/decimal. This ensures invalid
values throw JsonException instead of being silently cast to the enum.

Co-authored-by: alexaka1 <22166651+alexaka1@users.noreply.github.com>

Author: Copilot

modules/openapi-generator/src/main/resources/csharp/modelEnum.mustache

@@ -155,14 +155,18 @@
         public override {{datatypeWithEnum}}{{^datatypeWithEnum}}{{classname}}{{/datatypeWithEnum}} Read(ref Utf8JsonReader reader, Type typeToConvert, JsonSerializerOptions options)
         {
             {{#isInteger}}
-            {{>EnumValueDataType}} rawValue = reader.{{>EnumJsonReaderMethod}}();
-            {{datatypeWithEnum}}{{^datatypeWithEnum}}{{classname}}{{/datatypeWithEnum}} result = ({{datatypeWithEnum}}{{^datatypeWithEnum}}{{classname}}{{/datatypeWithEnum}})rawValue;
-            return result;
+            string rawValue = reader.{{>EnumJsonReaderMethod}}().ToString(System.Globalization.CultureInfo.InvariantCulture);
+            {{datatypeWithEnum}}{{^datatypeWithEnum}}{{classname}}{{/datatypeWithEnum}}? result = {{datatypeWithEnum}}{{^datatypeWithEnum}}{{classname}}{{/datatypeWithEnum}}ValueConverter.FromStringOrDefault(rawValue);
+            if (result != null)
+                return result.Value;
+            throw new JsonException();
             {{/isInteger}}
             {{#isLong}}
-            {{>EnumValueDataType}} rawValue = reader.{{>EnumJsonReaderMethod}}();
-            {{datatypeWithEnum}}{{^datatypeWithEnum}}{{classname}}{{/datatypeWithEnum}} result = ({{datatypeWithEnum}}{{^datatypeWithEnum}}{{classname}}{{/datatypeWithEnum}})rawValue;
-            return result;
+            string rawValue = reader.{{>EnumJsonReaderMethod}}().ToString(System.Globalization.CultureInfo.InvariantCulture);
+            {{datatypeWithEnum}}{{^datatypeWithEnum}}{{classname}}{{/datatypeWithEnum}}? result = {{datatypeWithEnum}}{{^datatypeWithEnum}}{{classname}}{{/datatypeWithEnum}}ValueConverter.FromStringOrDefault(rawValue);
+            if (result != null)
+                return result.Value;
+            throw new JsonException();
             {{/isLong}}
             {{#isFloat}}
             string rawValue = reader.GetSingle().ToString(System.Globalization.CultureInfo.InvariantCulture);
@@ -236,14 +240,18 @@
 
             {{/isString}}
             {{#isInteger}}
-            {{>EnumValueDataType}} rawValue = reader.{{>EnumJsonReaderMethod}}();
-            {{datatypeWithEnum}}{{^datatypeWithEnum}}{{classname}}{{/datatypeWithEnum}} result = ({{datatypeWithEnum}}{{^datatypeWithEnum}}{{classname}}{{/datatypeWithEnum}})rawValue;
-            return result;
+            string rawValue = reader.{{>EnumJsonReaderMethod}}().ToString(System.Globalization.CultureInfo.InvariantCulture);
+            {{datatypeWithEnum}}{{^datatypeWithEnum}}{{classname}}{{/datatypeWithEnum}}? result = {{datatypeWithEnum}}{{^datatypeWithEnum}}{{classname}}{{/datatypeWithEnum}}ValueConverter.FromStringOrDefault(rawValue);
+            if (result != null)
+                return result.Value;
+            throw new JsonException();
             {{/isInteger}}
             {{#isLong}}
-            {{>EnumValueDataType}} rawValue = reader.{{>EnumJsonReaderMethod}}();
-            {{datatypeWithEnum}}{{^datatypeWithEnum}}{{classname}}{{/datatypeWithEnum}} result = ({{datatypeWithEnum}}{{^datatypeWithEnum}}{{classname}}{{/datatypeWithEnum}})rawValue;
-            return result;
+            string rawValue = reader.{{>EnumJsonReaderMethod}}().ToString(System.Globalization.CultureInfo.InvariantCulture);
+            {{datatypeWithEnum}}{{^datatypeWithEnum}}{{classname}}{{/datatypeWithEnum}}? result = {{datatypeWithEnum}}{{^datatypeWithEnum}}{{classname}}{{/datatypeWithEnum}}ValueConverter.FromStringOrDefault(rawValue);
+            if (result != null)
+                return result.Value;
+            throw new JsonException();
             {{/isLong}}
             {{#isFloat}}
             string rawValue = reader.GetSingle().ToString(System.Globalization.CultureInfo.InvariantCulture);

modules/openapi-generator/src/test/java/org/openapitools/codegen/csharpnetcore/CSharpClientCodegenTest.java

@@ -278,14 +278,16 @@ public void testIntegerEnumJsonConverterUsesNumericOperations() throws IOExcepti
         Map<String, File> files = defaultGenerator.generate().stream()
                 .collect(Collectors.toMap(File::getPath, Function.identity()));
 
-        // Verify integer enum uses numeric JSON reader/writer
+        // Verify integer enum uses numeric JSON reader with validation
         File intEnumFile = files.get(Paths
                 .get(output.getAbsolutePath(), "src", "Org.OpenAPITools", "Model", "IntegerEnum.cs")
                 .toString()
         );
         assertNotNull(intEnumFile, "Could not find file for model: IntegerEnum");
         assertFileContains(intEnumFile.toPath(),
-                "reader.GetInt32()",
+                "reader.GetInt32().ToString(System.Globalization.CultureInfo.InvariantCulture)",
+                "FromStringOrDefault(rawValue)",
+                "throw new JsonException()",
                 "writer.WriteNumberValue(",
                 "public static int ToJsonValue(IntegerEnum value)"
         );
@@ -294,14 +296,16 @@ public void testIntegerEnumJsonConverterUsesNumericOperations() throws IOExcepti
                 "writer.WriteStringValue("
         );
 
-        // Verify long enum uses int64 reader with actual int64 values
+        // Verify long enum uses int64 reader with validation and actual int64 values
         File longEnumFile = files.get(Paths
                 .get(output.getAbsolutePath(), "src", "Org.OpenAPITools", "Model", "LongEnum.cs")
                 .toString()
         );
         assertNotNull(longEnumFile, "Could not find file for model: LongEnum");
         assertFileContains(longEnumFile.toPath(),
-                "reader.GetInt64()",
+                "reader.GetInt64().ToString(System.Globalization.CultureInfo.InvariantCulture)",
+                "FromStringOrDefault(rawValue)",
+                "throw new JsonException()",
                 "writer.WriteNumberValue(",
                 "public static long ToJsonValue(LongEnum value)",
                 "AboveInt32Max = 2147483648",

samples/client/petstore/csharp/generichost/net10/FormModels/src/Org.OpenAPITools/Model/EnumTestEnumInteger.cs

@@ -104,9 +104,11 @@ public class EnumTestEnumIntegerJsonConverter : JsonConverter<EnumTestEnumIntege
         /// <returns></returns>
         public override EnumTestEnumInteger Read(ref Utf8JsonReader reader, Type typeToConvert, JsonSerializerOptions options)
         {
-            int rawValue = reader.GetInt32();
-            EnumTestEnumInteger result = (EnumTestEnumInteger)rawValue;
-            return result;
+            string rawValue = reader.GetInt32().ToString(System.Globalization.CultureInfo.InvariantCulture);
+            EnumTestEnumInteger? result = EnumTestEnumIntegerValueConverter.FromStringOrDefault(rawValue);
+            if (result != null)
+                return result.Value;
+            throw new JsonException();
         }
 
         /// <summary>
@@ -138,9 +140,11 @@ public class EnumTestEnumIntegerNullableJsonConverter : JsonConverter<EnumTestEn
             if (reader.TokenType == JsonTokenType.Null)
                 return null;
 
-            int rawValue = reader.GetInt32();
-            EnumTestEnumInteger result = (EnumTestEnumInteger)rawValue;
-            return result;
+            string rawValue = reader.GetInt32().ToString(System.Globalization.CultureInfo.InvariantCulture);
+            EnumTestEnumInteger? result = EnumTestEnumIntegerValueConverter.FromStringOrDefault(rawValue);
+            if (result != null)
+                return result.Value;
+            throw new JsonException();
         }
 
         /// <summary>

samples/client/petstore/csharp/generichost/net10/FormModels/src/Org.OpenAPITools/Model/EnumTestEnumIntegerOnly.cs

@@ -104,9 +104,11 @@ public class EnumTestEnumIntegerOnlyJsonConverter : JsonConverter<EnumTestEnumIn
         /// <returns></returns>
         public override EnumTestEnumIntegerOnly Read(ref Utf8JsonReader reader, Type typeToConvert, JsonSerializerOptions options)
         {
-            int rawValue = reader.GetInt32();
-            EnumTestEnumIntegerOnly result = (EnumTestEnumIntegerOnly)rawValue;
-            return result;
+            string rawValue = reader.GetInt32().ToString(System.Globalization.CultureInfo.InvariantCulture);
+            EnumTestEnumIntegerOnly? result = EnumTestEnumIntegerOnlyValueConverter.FromStringOrDefault(rawValue);
+            if (result != null)
+                return result.Value;
+            throw new JsonException();
         }
 
         /// <summary>
@@ -138,9 +140,11 @@ public class EnumTestEnumIntegerOnlyNullableJsonConverter : JsonConverter<EnumTe
             if (reader.TokenType == JsonTokenType.Null)
                 return null;
 
-            int rawValue = reader.GetInt32();
-            EnumTestEnumIntegerOnly result = (EnumTestEnumIntegerOnly)rawValue;
-            return result;
+            string rawValue = reader.GetInt32().ToString(System.Globalization.CultureInfo.InvariantCulture);
+            EnumTestEnumIntegerOnly? result = EnumTestEnumIntegerOnlyValueConverter.FromStringOrDefault(rawValue);
+            if (result != null)
+                return result.Value;
+            throw new JsonException();
         }
 
         /// <summary>

samples/client/petstore/csharp/generichost/net10/FormModels/src/Org.OpenAPITools/Model/OuterEnumInteger.cs

@@ -115,9 +115,11 @@ public class OuterEnumIntegerJsonConverter : JsonConverter<OuterEnumInteger>
         /// <returns></returns>
         public override OuterEnumInteger Read(ref Utf8JsonReader reader, Type typeToConvert, JsonSerializerOptions options)
         {
-            int rawValue = reader.GetInt32();
-            OuterEnumInteger result = (OuterEnumInteger)rawValue;
-            return result;
+            string rawValue = reader.GetInt32().ToString(System.Globalization.CultureInfo.InvariantCulture);
+            OuterEnumInteger? result = OuterEnumIntegerValueConverter.FromStringOrDefault(rawValue);
+            if (result != null)
+                return result.Value;
+            throw new JsonException();
         }
 
         /// <summary>
@@ -149,9 +151,11 @@ public class OuterEnumIntegerNullableJsonConverter : JsonConverter<OuterEnumInte
             if (reader.TokenType == JsonTokenType.Null)
                 return null;
 
-            int rawValue = reader.GetInt32();
-            OuterEnumInteger result = (OuterEnumInteger)rawValue;
-            return result;
+            string rawValue = reader.GetInt32().ToString(System.Globalization.CultureInfo.InvariantCulture);
+            OuterEnumInteger? result = OuterEnumIntegerValueConverter.FromStringOrDefault(rawValue);
+            if (result != null)
+                return result.Value;
+            throw new JsonException();
         }
 
         /// <summary>

samples/client/petstore/csharp/generichost/net10/FormModels/src/Org.OpenAPITools/Model/OuterEnumIntegerDefaultValue.cs

@@ -115,9 +115,11 @@ public class OuterEnumIntegerDefaultValueJsonConverter : JsonConverter<OuterEnum
         /// <returns></returns>
         public override OuterEnumIntegerDefaultValue Read(ref Utf8JsonReader reader, Type typeToConvert, JsonSerializerOptions options)
         {
-            int rawValue = reader.GetInt32();
-            OuterEnumIntegerDefaultValue result = (OuterEnumIntegerDefaultValue)rawValue;
-            return result;
+            string rawValue = reader.GetInt32().ToString(System.Globalization.CultureInfo.InvariantCulture);
+            OuterEnumIntegerDefaultValue? result = OuterEnumIntegerDefaultValueValueConverter.FromStringOrDefault(rawValue);
+            if (result != null)
+                return result.Value;
+            throw new JsonException();
         }
 
         /// <summary>
@@ -149,9 +151,11 @@ public class OuterEnumIntegerDefaultValueNullableJsonConverter : JsonConverter<O
             if (reader.TokenType == JsonTokenType.Null)
                 return null;
 
-            int rawValue = reader.GetInt32();
-            OuterEnumIntegerDefaultValue result = (OuterEnumIntegerDefaultValue)rawValue;
-            return result;
+            string rawValue = reader.GetInt32().ToString(System.Globalization.CultureInfo.InvariantCulture);
+            OuterEnumIntegerDefaultValue? result = OuterEnumIntegerDefaultValueValueConverter.FromStringOrDefault(rawValue);
+            if (result != null)
+                return result.Value;
+            throw new JsonException();
         }
 
         /// <summary>

samples/client/petstore/csharp/generichost/net10/FormModels/src/Org.OpenAPITools/Model/RequiredClassRequiredNotnullableEnumInteger.cs

@@ -104,9 +104,11 @@ public class RequiredClassRequiredNotnullableEnumIntegerJsonConverter : JsonConv
         /// <returns></returns>
         public override RequiredClassRequiredNotnullableEnumInteger Read(ref Utf8JsonReader reader, Type typeToConvert, JsonSerializerOptions options)
         {
-            int rawValue = reader.GetInt32();
-            RequiredClassRequiredNotnullableEnumInteger result = (RequiredClassRequiredNotnullableEnumInteger)rawValue;
-            return result;
+            string rawValue = reader.GetInt32().ToString(System.Globalization.CultureInfo.InvariantCulture);
+            RequiredClassRequiredNotnullableEnumInteger? result = RequiredClassRequiredNotnullableEnumIntegerValueConverter.FromStringOrDefault(rawValue);
+            if (result != null)
+                return result.Value;
+            throw new JsonException();
         }
 
         /// <summary>
@@ -138,9 +140,11 @@ public class RequiredClassRequiredNotnullableEnumIntegerNullableJsonConverter :
             if (reader.TokenType == JsonTokenType.Null)
                 return null;
 
-            int rawValue = reader.GetInt32();
-            RequiredClassRequiredNotnullableEnumInteger result = (RequiredClassRequiredNotnullableEnumInteger)rawValue;
-            return result;
+            string rawValue = reader.GetInt32().ToString(System.Globalization.CultureInfo.InvariantCulture);
+            RequiredClassRequiredNotnullableEnumInteger? result = RequiredClassRequiredNotnullableEnumIntegerValueConverter.FromStringOrDefault(rawValue);
+            if (result != null)
+                return result.Value;
+            throw new JsonException();
         }
 
         /// <summary>

samples/client/petstore/csharp/generichost/net10/FormModels/src/Org.OpenAPITools/Model/RequiredClassRequiredNotnullableEnumIntegerOnly.cs

@@ -104,9 +104,11 @@ public class RequiredClassRequiredNotnullableEnumIntegerOnlyJsonConverter : Json
         /// <returns></returns>
         public override RequiredClassRequiredNotnullableEnumIntegerOnly Read(ref Utf8JsonReader reader, Type typeToConvert, JsonSerializerOptions options)
         {
-            int rawValue = reader.GetInt32();
-            RequiredClassRequiredNotnullableEnumIntegerOnly result = (RequiredClassRequiredNotnullableEnumIntegerOnly)rawValue;
-            return result;
+            string rawValue = reader.GetInt32().ToString(System.Globalization.CultureInfo.InvariantCulture);
+            RequiredClassRequiredNotnullableEnumIntegerOnly? result = RequiredClassRequiredNotnullableEnumIntegerOnlyValueConverter.FromStringOrDefault(rawValue);
+            if (result != null)
+                return result.Value;
+            throw new JsonException();
         }
 
         /// <summary>
@@ -138,9 +140,11 @@ public class RequiredClassRequiredNotnullableEnumIntegerOnlyNullableJsonConverte
             if (reader.TokenType == JsonTokenType.Null)
                 return null;
 
-            int rawValue = reader.GetInt32();
-            RequiredClassRequiredNotnullableEnumIntegerOnly result = (RequiredClassRequiredNotnullableEnumIntegerOnly)rawValue;
-            return result;
+            string rawValue = reader.GetInt32().ToString(System.Globalization.CultureInfo.InvariantCulture);
+            RequiredClassRequiredNotnullableEnumIntegerOnly? result = RequiredClassRequiredNotnullableEnumIntegerOnlyValueConverter.FromStringOrDefault(rawValue);
+            if (result != null)
+                return result.Value;
+            throw new JsonException();
         }
 
         /// <summary>

samples/client/petstore/csharp/generichost/net10/FormModels/src/Org.OpenAPITools/Model/RequiredClassRequiredNullableEnumInteger.cs

@@ -104,9 +104,11 @@ public class RequiredClassRequiredNullableEnumIntegerJsonConverter : JsonConvert
         /// <returns></returns>
         public override RequiredClassRequiredNullableEnumInteger Read(ref Utf8JsonReader reader, Type typeToConvert, JsonSerializerOptions options)
         {
-            int rawValue = reader.GetInt32();
-            RequiredClassRequiredNullableEnumInteger result = (RequiredClassRequiredNullableEnumInteger)rawValue;
-            return result;
+            string rawValue = reader.GetInt32().ToString(System.Globalization.CultureInfo.InvariantCulture);
+            RequiredClassRequiredNullableEnumInteger? result = RequiredClassRequiredNullableEnumIntegerValueConverter.FromStringOrDefault(rawValue);
+            if (result != null)
+                return result.Value;
+            throw new JsonException();
         }
 
         /// <summary>
@@ -138,9 +140,11 @@ public class RequiredClassRequiredNullableEnumIntegerNullableJsonConverter : Jso
             if (reader.TokenType == JsonTokenType.Null)
                 return null;
 
-            int rawValue = reader.GetInt32();
-            RequiredClassRequiredNullableEnumInteger result = (RequiredClassRequiredNullableEnumInteger)rawValue;
-            return result;
+            string rawValue = reader.GetInt32().ToString(System.Globalization.CultureInfo.InvariantCulture);
+            RequiredClassRequiredNullableEnumInteger? result = RequiredClassRequiredNullableEnumIntegerValueConverter.FromStringOrDefault(rawValue);
+            if (result != null)
+                return result.Value;
+            throw new JsonException();
         }
 
         /// <summary>

samples/client/petstore/csharp/generichost/net10/FormModels/src/Org.OpenAPITools/Model/RequiredClassRequiredNullableEnumIntegerOnly.cs

@@ -104,9 +104,11 @@ public class RequiredClassRequiredNullableEnumIntegerOnlyJsonConverter : JsonCon
         /// <returns></returns>
         public override RequiredClassRequiredNullableEnumIntegerOnly Read(ref Utf8JsonReader reader, Type typeToConvert, JsonSerializerOptions options)
         {
-            int rawValue = reader.GetInt32();
-            RequiredClassRequiredNullableEnumIntegerOnly result = (RequiredClassRequiredNullableEnumIntegerOnly)rawValue;
-            return result;
+            string rawValue = reader.GetInt32().ToString(System.Globalization.CultureInfo.InvariantCulture);
+            RequiredClassRequiredNullableEnumIntegerOnly? result = RequiredClassRequiredNullableEnumIntegerOnlyValueConverter.FromStringOrDefault(rawValue);
+            if (result != null)
+                return result.Value;
+            throw new JsonException();
         }
 
         /// <summary>
@@ -138,9 +140,11 @@ public class RequiredClassRequiredNullableEnumIntegerOnlyNullableJsonConverter :
             if (reader.TokenType == JsonTokenType.Null)
                 return null;
 
-            int rawValue = reader.GetInt32();
-            RequiredClassRequiredNullableEnumIntegerOnly result = (RequiredClassRequiredNullableEnumIntegerOnly)rawValue;
-            return result;
+            string rawValue = reader.GetInt32().ToString(System.Globalization.CultureInfo.InvariantCulture);
+            RequiredClassRequiredNullableEnumIntegerOnly? result = RequiredClassRequiredNullableEnumIntegerOnlyValueConverter.FromStringOrDefault(rawValue);
+            if (result != null)
+                return result.Value;
+            throw new JsonException();
         }
 
         /// <summary>